我可以从System.Management.EventArrivedEventArgs对象获取ExecutablePath吗?

时间:2010-01-25 17:19:59

标签: c# wql executable-path

我正在使用System.Management.ManagementEventWatcher来获取已启动进程的进程ID和可执行路径:

private void startWatcher_EventArrived(Object sender, EventArrivedEventArgs e)
{
    String processID = e.NewEvent.Properties["ProcessID"].Value.ToString();

    var searcher = new ManagementObjectSearcher(new WqlObjectQuery(String.Format("Select ExecutablePath from Win32_Process where ProcessID = {0}", processID)));

    ManagementObject managementObject = null;
    foreach (ManagementObject obj in searcher.Get())
    {
        managementObject = obj;
        break;
    }

    Console.WriteLine(managementObject["ExecutablePath"]);
}

使用此WQL查询:

  

从中选择ExecutablePath   Win32_ProcessStartTrace

有没有办法可以避免进行对象搜索,但仍然使用EventArrivedEventArgs对象中已有的内容获取ExecutionPath?

我真正需要的是每个启动的新进程的ProcessID和ExecuatblePath。这是最简单的方法吗?

2 个答案:

答案 0 :(得分:1)

不,你得到的就是它的好处。可用属性列在here...

答案 1 :(得分:0)

我相信这篇文章可以帮助您:Using WMI to monitor process creation, deletion and modification in .NET

相关问题
最新问题